UCF ID: 02066 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of critical assets that have been reviewed from the perspective of environmental risks / # of critical assets.
Calculation source: No authority document source of information exists. The following formula was used: the number of assets that have been analyzed to identify environmental risks to the asset divided by the number of critical assets listed in the CMDB for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Establish and maintain adequate environmental controls and processes. [UCF Control ID 00724]
• Physical and environmental protection [UCF Control ID 00709]
Supporting and supported controls
This control directly supports:
- • Establish and maintain a physical environment metrics program. [UCF Control ID 02063]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE15.3; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of critical assets that have been reviewed from the perspective of environmental risks such as temperature, fire, flooding, etc. [ISPE15.3, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of critical assets that have been reviewed from the perspective of environmental risks such as temperature, fire, and flooding. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.